CVE-2018-10731
Description
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Phoenix Contact FL SWITCH 3xxx/4xxx/48xx devices running firmware 1.0 to 1.33 are prone to a stack-based buffer overflow via a crafted long cookie, leading to denial of service or arbitrary code execution.
Vulnerability
A stack-based buffer overflow exists in the web interface of Phoenix Contact FL SWITCH 3xxx, 4xxx, and 48xx series devices running firmware versions 1.0 to 1.33 [1]. The vulnerability is triggered when the device processes a specially crafted HTTP GET request containing a very large cookie value. This is distinct from CVE-2018-10728, which involves a different buffer overflow.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP GET request with an oversized cookie to the affected device [1]. No authentication or user interaction is required, and the attack requires only a low skill level.
Impact
Successful exploitation can result in a denial of service (device crash) or arbitrary code execution in the context of the web server [1]. This could allow an attacker to take full control of the switch, leading to potential network disruption or data compromise.
Mitigation
Phoenix Contact has released firmware updates to address this issue [1]. Users are advised to upgrade to firmware version 1.34 or later. If upgrading is not possible, the vendor recommends restricting network access to the web interface. No workarounds are provided. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 1.0 - 1.33
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/104231 (mitre; vdb-entry, x_refsource_BID)
- cert.vde.com/de-de/advisories/vde-2018-007 (mitre; x_refsource_CONFIRM)
- ics-cert.us-cert.gov/advisories/ICSA-18-137-02 (mitre; x_refsource_MISC)